New CVEs found alert for assets
21 July 2024
After some elaborate restructuring of data and indexes, it is finally here: CVE alerts.
There is a new index called cves_assets which keeps track of CVEs found per asset.
As you know, an asset is either a host (IP address) or URL (website or certificate). Any software found on an asset that has a version number is checked for CVEs and the results are stored in the cves_assets index. You can use the following query to create alerts for new High and Critical CVEs (CVSS score 7 or higher, first seen in the last 24 hours):
index=cves_assets cvss_score>=7 first_seen>-24h
Of course, there's also a template alert for this available in the alerts library.